lintai docs

Appearance

Rule Reference

SEC392lintai-ai-securitypreviewmarkdownwarn

AI markdown: shared git commit tool grant

AI-native markdown frontmatter grants `Bash(git commit:*)` tool access

Provider
lintai-ai-security
Surface
markdown
Scope
per_file
Tier
preview
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

governancemembership

Lifecycle

Preview Lifecycle Contract

State

preview_blocked

Promotion blocker

Shared git commit grants in AI-native frontmatter can be legitimate workflow policy, so the first release stays in the opt-in governance lane while usefulness and default posture are measured.

Promotion requirements

Needs corpus-backed precision review, external usefulness evidence, and completed stable checklist metadata.

Canonical note

Structural preview rule; deterministic today, but the preview contract may still evolve.

Nearby Signals

Related Rules

SEC390AI markdown: shared git push tool grantAI-native markdown frontmatter grants `Bash(git push)` tool accessmarkdownpreview
SEC391AI markdown: shared git checkout tool grantAI-native markdown frontmatter grants `Bash(git checkout:*)` tool accessmarkdownpreview
SEC393AI markdown: shared git stash tool grantAI-native markdown frontmatter grants `Bash(git stash:*)` tool accessmarkdownpreview
SEC474AI markdown: shared gh pr tool grantAI-native markdown frontmatter grants `Bash(gh pr:*)` tool accessmarkdownpreview
SEC494AI markdown: shared npm exec tool grantAI-native markdown frontmatter grants `Bash(npm exec:*)` tool accessmarkdownpreview
SEC495AI markdown: shared bunx tool grantAI-native markdown frontmatter grants `Bash(bunx:*)` tool accessmarkdownpreview

SEC392 / MD-GIT-COMMIT-PERMISSION

SEC392 flags AI-native markdown frontmatter when allowed-tools or allowed_tools grants the exact token Bash(git commit:*).

Why It Matters

Broad commit authority lets a shared skill create repository history by default. That is harder to review than a narrower workflow where commit operations stay explicit and scoped.

This rule intentionally lives in the opt-in governance preset rather than the main preview lane. Shared commit permissions can be legitimate workflow design, but they still deserve explicit review as a policy choice instead of a headline security claim.

Trigger Shape

The rule triggers only when all of these are true:

  • the file is a detected AI-native markdown instruction surface
  • the path is not fixture-like
  • allowed-tools or allowed_tools contains the exact token Bash(git commit:*)

Clean Cases

These stay clean:

  • more specific command examples such as Bash(git commit -m reviewed)
  • unrelated Git permissions like Bash(git status)
  • fixture-like examples under test or fixture paths

Example Trigger

yaml
---
allowed-tools:
  - Bash(git commit:*)
  - Read
---

Safer Example

yaml
---
allowed-tools:
  - Bash(git status)
  - Read
---

How To Fix

Review whether shared Bash(git commit:*) access is really needed, or replace it with a narrower workflow-specific permission that does not grant broad commit authority by default.